Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 17, 2025

Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay

CVE-2023-53688

Description

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

Affected products

Nagios/XIllm-fuzzy
Range: <5.11.3
Nagios/XIv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nagios.com/changelog/nagios-xi/mitrerelease-notespatch
www.nagios.com/products/security/mitrevendor-advisorypatch
www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relaymitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000